-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 09 Mar 2024 10:38:51 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: arm64 Version: 3.5.25-0+deb11u1 Distribution: bullseye Urgency: medium Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.5.25-0+deb11u1) bullseye; urgency=medium . [Wietse Venema] . * 3.5.25 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 171eb205ea0ae92f3364627b498f26e56556d115 9908 postfix-cdb-dbgsym_3.5.25-0+deb11u1_arm64.deb a723a5cd60e07e27dfe812ba7de78ad87904e6f3 364356 postfix-cdb_3.5.25-0+deb11u1_arm64.deb 604a64a62c5574298392c32455ab5f811f6caa34 2095872 postfix-dbgsym_3.5.25-0+deb11u1_arm64.deb 097966baf1b375169f081c65f52995d1a34dea10 21508 postfix-ldap-dbgsym_3.5.25-0+deb11u1_arm64.deb e15d216c68bd24cc395a6e4b6dd400070ec6d52f 381944 postfix-ldap_3.5.25-0+deb11u1_arm64.deb c655ac2feadf06d59725c88200275f222fdfea78 18404 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_arm64.deb 9ec40366cd3731275e5594bfe53291bc481c6fab 370436 postfix-lmdb_3.5.25-0+deb11u1_arm64.deb fe0021b79ef0b35b529378ad6e2b38eec36bbafd 23460 postfix-mysql-dbgsym_3.5.25-0+deb11u1_arm64.deb 5758f233cee6dc417b17420e062fd43127b9517e 372032 postfix-mysql_3.5.25-0+deb11u1_arm64.deb b29d04f2ddc41bc3f3cab0a2691f0a8b68d599a2 14376 postfix-pcre-dbgsym_3.5.25-0+deb11u1_arm64.deb d2a382441e144ac7aeef2dc6a8b16cd69abdbe70 370000 postfix-pcre_3.5.25-0+deb11u1_arm64.deb 066642a27a7d560152096186124683e37b831751 13224 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_arm64.deb 24e88cde7ab23cd123ff20ae6a86c61ebca280b2 370776 postfix-pgsql_3.5.25-0+deb11u1_arm64.deb c30b82b441617b0d5d8832cea9b521b79ff1e018 7824 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_arm64.deb c49e5726c10f2b11f50035b06055b0fa0ac1defb 368036 postfix-sqlite_3.5.25-0+deb11u1_arm64.deb 0f914343f24f79c6fc96aaab477a60788d99c60e 12134 postfix_3.5.25-0+deb11u1_arm64-buildd.buildinfo 67d46e209125059e7586e239f41b4df26765d9b0 1517468 postfix_3.5.25-0+deb11u1_arm64.deb Checksums-Sha256: 5f61b28d16f0cea08f35e0da60859ac430512cb3f66701dd2f9e7fbd396c0c74 9908 postfix-cdb-dbgsym_3.5.25-0+deb11u1_arm64.deb bd10160a435d40ff3c2c528376a3f965df86815c95db0483ba58066f0d44b759 364356 postfix-cdb_3.5.25-0+deb11u1_arm64.deb 66c102e626c64e9c9703b240df9177445db211956b4e414306ddd496a8a1a370 2095872 postfix-dbgsym_3.5.25-0+deb11u1_arm64.deb 478c28d3fe02bfae92e859e5b390004cd8fdd16b000483c0027cc1fee7e2a1ce 21508 postfix-ldap-dbgsym_3.5.25-0+deb11u1_arm64.deb cf582363de159a47a4326e363d9e3f94e54d7bae04391c8e7bc10d2beb0cedb1 381944 postfix-ldap_3.5.25-0+deb11u1_arm64.deb cfa13356fffba7a5a8de27c207bcf4c6ee83d47590a894fd7acdee44310db042 18404 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_arm64.deb 85cb7ce0af59aa7052f382691fb87e3b93cd61674f7d0cefe5f3c5733893466b 370436 postfix-lmdb_3.5.25-0+deb11u1_arm64.deb 44d5c722b80f1a5a75f7f205505a54dd8ee18d176ede05dc8baea63ae7f10eea 23460 postfix-mysql-dbgsym_3.5.25-0+deb11u1_arm64.deb 094878a5c30f8923bb730312fd0fd0c2c8786a7764ee4285a24c64892ad2ab3a 372032 postfix-mysql_3.5.25-0+deb11u1_arm64.deb fc315ad06c8d004588149f78d68eb3e23c5589ad67fb6763b9302df0bece4123 14376 postfix-pcre-dbgsym_3.5.25-0+deb11u1_arm64.deb 78800387f9d45979765e8cd72e924063001f706eeae5e13d8ab1fc86dd0aaf09 370000 postfix-pcre_3.5.25-0+deb11u1_arm64.deb 9fcfed53cc216c1fcc8e4878eef50850e48faf40a45cea3de1950d82132c997e 13224 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_arm64.deb 683d3d3c8bce71f825e058fe6da006a5ad6e1b1798259e2a8697df45802f834f 370776 postfix-pgsql_3.5.25-0+deb11u1_arm64.deb c353dc1df405fd1c855ce1db4f298f1d4108f624a0bdc50b36786da483f098dd 7824 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_arm64.deb 09cdb0d79e297665f4eb7699fec7a0792cdda689c7409f04e0ecb6b882c3a670 368036 postfix-sqlite_3.5.25-0+deb11u1_arm64.deb 30ea209986fab5e9f3c3b47e5e19927cfc84deb6cd32b736e26ca14b8d46d804 12134 postfix_3.5.25-0+deb11u1_arm64-buildd.buildinfo 47d3bbea98b2b2efc2c4e0ea46d07cd1856ef394b3d45416d887033dffc417e1 1517468 postfix_3.5.25-0+deb11u1_arm64.deb Files: 732e231f3f21c9fae0eaff7eb42fb906 9908 debug optional postfix-cdb-dbgsym_3.5.25-0+deb11u1_arm64.deb 75c8b45dd7dfa1a49f1fedb69e604bf0 364356 mail optional postfix-cdb_3.5.25-0+deb11u1_arm64.deb 910be1d9b1908c4176e85a42f9aba86a 2095872 debug optional postfix-dbgsym_3.5.25-0+deb11u1_arm64.deb 12a1d1647ce49c433b0a83c61ea82b28 21508 debug optional postfix-ldap-dbgsym_3.5.25-0+deb11u1_arm64.deb 6892e7b34e9518448bb817421dc93b78 381944 mail optional postfix-ldap_3.5.25-0+deb11u1_arm64.deb 9dbf2b3565164f543c1d480ca69e3853 18404 debug optional postfix-lmdb-dbgsym_3.5.25-0+deb11u1_arm64.deb b0b9da4955f61969ceb34442c3d0bead 370436 mail optional postfix-lmdb_3.5.25-0+deb11u1_arm64.deb 896466081f4f83817a40fa19029cdfe6 23460 debug optional postfix-mysql-dbgsym_3.5.25-0+deb11u1_arm64.deb 23a3415db1b5e3714d3765a33b298ea5 372032 mail optional postfix-mysql_3.5.25-0+deb11u1_arm64.deb 6c5b12f8f411c52afa14df833065c26a 14376 debug optional postfix-pcre-dbgsym_3.5.25-0+deb11u1_arm64.deb 0b4774d32ff0659446d627f1417c8f3a 370000 mail optional postfix-pcre_3.5.25-0+deb11u1_arm64.deb ad68dc4c0fa2e2ffa2481403facacc8f 13224 debug optional postfix-pgsql-dbgsym_3.5.25-0+deb11u1_arm64.deb d377a9bba40be0868f78f17076dddce4 370776 mail optional postfix-pgsql_3.5.25-0+deb11u1_arm64.deb a6eebcf997bae388ef46eecb1f72f6d2 7824 debug optional postfix-sqlite-dbgsym_3.5.25-0+deb11u1_arm64.deb 49c890a7c186cd27072b355758cd549a 368036 mail optional postfix-sqlite_3.5.25-0+deb11u1_arm64.deb 7945f96f41f92ef58617ef50c1164eaf 12134 mail optional postfix_3.5.25-0+deb11u1_arm64-buildd.buildinfo 1c3314c229d4cfb7aa9c13f77251cc08 1517468 mail optional postfix_3.5.25-0+deb11u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEH43oX1cK+BEEs9Pe/9j0ct/+ZwwFAmYm0VcACgkQ/9j0ct/+ ZwyZjBAAu4l+6Qmq0S/HFs2NDdBljDGqY5rqYgDyGaZuLv7QVxJHL9mIrq9LwBdj wWMmBETTv7kt6uJ74y5XmlvlUhuHNqikhwW8G/tlM8kGopRazaNk9SbuMR1Pr5kS nTm7RgbGY6zD6NE2IRkZNz6KtlWIabY0gVyXLlJ6YKqjgQqrzkLH3+JXA1Rw9+Si xvuHXVNn1l89a+L9M12n8er/lvLJOn3MAp/myZXMFQHMCTeTVKc7yTajhtuvL9H4 FkDzRZfM2lvTxHmLFluFaL2Kj5TtiGR1b8Eqpst+kp4mL20K6kCnkhzoOz53wy+c vwqbr+1rnfXw87wJ6Wo8pagirhszQH2uzsEPLDAZfwg2yjPMOBtl3gl/OvWKhSTV kUCW5sD6nTjRS3+9faBUUyOggO5zDy66ESUTo1Ibh6jh1jxkAw0n7v1TqdOSXnYW oN9XFnr8a9TMBxH/LS8lagzuvzfAltvihUX4Zmewg9OqzgPE9uDNNJecOOK3M3mD WhOoICY7ckZ0viUYFTKYSAZ9nzJCgdGRVhhgn8tYO4zsu+Ae7eMFkbJMzLJ1NGVQ dkTMeTuVD1EXxnJTJ4y0HQfoRXHbwXVwUr5twiItk3Nd2+91JVUZRUucjfqt850B yhCG3NvkgaCzIvIm0LelYLnE+SZqmnPXrGgLlK7zrDQze0rftcc= =6ZPK -----END PGP SIGNATURE-----